https://community.cisco.com/t5/network-security/wildcard-ssl-unable-to-install-on-asa-5510/m-p/4571396#M1088307 <P>The error message shown would be if you were trying to import a certificate where the CSR was not generated on the ASA itself.</P> <P>If you install onto a pending certificate (i.e., where you have already created the CSR), the ASA won't require the private key since it is already on the appliance.</P> Wed, 16 Mar 2022 08:34:45 GMT Marvin Rhoads 2022-03-16T08:34:45Z https://community.cisco.com/t5/network-security/wildcard-ssl-unable-to-install-on-asa-5510/m-p/4571263#M1088298 <P>Hello Community,</P><P>&nbsp;</P><P>I have never worked with a ASA firewall server or SSL certification installation. I have spent a great deal of time reading and watching related content.&nbsp;</P><P>&nbsp;</P><P>First, I do not have access to the appliance and I have to work with an engineer to access and install on the ASA 5510. The engineer has generated a CSR from the ASA 5510 under&nbsp;Certificate Management &gt; Identity Certificates. I have submitted the CSR to the SSL company. The CSR was received, validated, and a Zip file with three CRT files was downloaded. I provided the engineer with the Zip file, he extracted the three CRT files but states he cannot install them. The engineer has provided a screenshot of the ASA pop-up window and it requires an "identity certificate from a file (PKCS12 format with Certificate(s)+Private Key)."&nbsp;</P><P>&nbsp;</P><P>I am stuck. I have re-issued the SSL certificate from my SSL company three times and the engineer states they are unable to install the certificates because the certificates do not meet the criteria. I watched the engineer, under Certificate Management &gt; Identity Certificates &gt; Install button on pending certificate, copy-paste the CRT file contents into the textbox and click install certificate. The results are an error (apologizes, I did not note the error message). I would love some feedback, advice, anything.</P><P>&nbsp;</P><P>Thank you for your time.&nbsp;</P> Tue, 15 Mar 2022 23:08:11 GMT https://community.cisco.com/t5/network-security/wildcard-ssl-unable-to-install-on-asa-5510/m-p/4571263#M1088298 chris.perez86 2022-03-15T23:08:11Z https://community.cisco.com/t5/network-security/wildcard-ssl-unable-to-install-on-asa-5510/m-p/4571396#M1088307 <P>The error message shown would be if you were trying to import a certificate where the CSR was not generated on the ASA itself.</P> <P>If you install onto a pending certificate (i.e., where you have already created the CSR), the ASA won't require the private key since it is already on the appliance.</P> Wed, 16 Mar 2022 08:34:45 GMT https://community.cisco.com/t5/network-security/wildcard-ssl-unable-to-install-on-asa-5510/m-p/4571396#M1088307 Marvin Rhoads 2022-03-16T08:34:45Z https://community.cisco.com/t5/network-security/wildcard-ssl-unable-to-install-on-asa-5510/m-p/4571823#M1088350 <P>*Update*</P><P>&nbsp;</P><P>I had the engineer re-created the CSR and the SSL company re-issue the CRT Zip file. I watched the engineer successfully install the files on the "pending" CSR under <SPAN>Identity Certificates. There were zero errors and the pop-up window requesting additional certificate information never presented itself. I would deem this a process problem not an appliance problem. I validated my webpage is now secure and the certificate information is accurate.</SPAN></P><P><SPAN><BR />Thank you Marvin for your response.</SPAN></P> Wed, 16 Mar 2022 16:16:01 GMT https://community.cisco.com/t5/network-security/wildcard-ssl-unable-to-install-on-asa-5510/m-p/4571823#M1088350 chris.perez86 2022-03-16T16:16:01Z